Cryptology ePrint Archive: Report 2017/538

New security notions and feasibility results for authentication of quantum data

Sumegha Garg and Henry Yuen and Mark Zhandry

Abstract: We give a new class of security definitions for authentication in the quantum setting. These definitions capture and strengthen existing definitions of security against quantum adversaries for both classical message authentication codes (MACs) as well as full quantum state authentication schemes. The main feature of our definitions is that they precisely characterize the effective behavior of any adversary when the authentication protocol accepts, including correlations with the key. Our definitions readily yield a host of desirable properties and interesting consequences; for example, our security definition for full quantum state authentication implies that the entire secret key can be re-used if the authentication protocol succeeds. Next, we present several protocols satisfying our security definitions. We show that the classical Wegman-Carter authentication scheme with 3-universal hashing is secure against superposition attacks, as well as adversaries with quantum side information. We then present conceptually simple constructions of full quantum state authentication. Finally, we prove a lifting theorem which shows that, as long as a protocol can securely authenticate the maximally entangled state, it can securely authenticate any state, even those that are entangled with the adversary. Thus, this shows that protocols satisfying a fairly weak form of authentication security automatically satisfy a stronger notion of security (in particular, the definition of Dupuis, et al (2012)).

Category / Keywords: Quantum message authentication, Wegman-Carter authentication scheme, Unitary designs.

Original Publication (in the same form): IACR-CRYPTO-2017

Date: received 5 Jun 2017

Contact author: sumeghag at cs princeton edu, hyuen@cs berkeley edu, mzhandry@princeton edu

Available format(s): PDF | BibTeX Citation

Version: 20170608:155106 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]